Lebanon Hacks to Spy

by Brent Kirkpatrick

(Date Published: 1/19/2018.)

Large-scale campaigns to hack and spy on mobile devices with corporate and civilian targets in more than 20 countries.

Lebanese intelligence appears to have been running a large-scale hacking campaign to gain access to and spy on mobile phones. Lookout and the Electronic Frontier Foundation discovered an open server containing some of the data taken during one of these campaigns. They have published a report detailing the methods used.

This surveillance campaign appears to have used advanced phishing techniques and Trojan applications to hack into mobile devices. After gaining access, the hackers installed their own command-and-control spyware. They proceeded to collect massive amounts of data, including SMS messages, call records, contact lists, images, account information, browsing data, audio recordings, WiFi details, GPS locations, and corporate and legal documents. The report covers only 81 GB of information, which is believed to be a small fraction of the total taken by the campaign.

The analyzed data was sufficient to reveal the hackers' methods, their likely identity as the state intelligence agency of Lebanon, and the reach of the campaign. More than 1000 devices were hacked, including mobile phones and Windows computers. These devices had data from at least 20 countries.

This data is only available because the hackers left it on an open, unprotected server. This appears to be only a fraction of the total data taken in this spying campaign; the researchers tracked 6 similar campaigns, each with its own data server. The reach and scope of this hacking suggest a state-sponsored actor. Additionally, there is circumstantial evidence linking what appear to be beta-testing IP addresses to Lebanon's General Directorate of General Security.